From FroggDev - En
Jump to: navigation, search
Linux Logo



Linux is a Unix-like and mostly POSIX-compliant computer operating system assembled under the model of free and open-source software development and distribution. The defining component of Linux is the Linux kernel, an operating system kernel first released on 5 October 1991 by Linus Torvalds. The Free Software Foundation uses the name GNU/Linux to describe the operating system, which has led to some controversy.

Linux was originally developed as a free operating system for Intel x86–based personal computers, but has since been ported to more computer hardware platforms than any other operating system. It is the leading operating system on servers and other big iron systems such as mainframe computers and supercomputers, but is used on only around 1.5% of desktop computers. Linux also runs on embedded systems, which are devices whose operating system is typically built into the firmware and is highly tailored to the system; this includes mobile phones, tablet computers, network routers, facility automation controls, televisions and video game consoles. Android, the most widely used operating system for tablets and smartphones, is built on top of the Linux kernel.


Debian Logo
debian version
nano /etc/debian_version
official doc

Link to official documentation

security announcement mailing list

debian 6.0 Squeeze to 7.0 Wheezy

Link to tutorial to update debian 6.0 Squeeze to 7.0 Wheezy

debian 7.0 Wheezy to 8.0 Jessie

Link to tutorial to update debian 7.0 Wheezy to 8.0 Jessie


Link to server configuration

package management

Link to list of commands to manage Debian packages

Important Files & Folders

Link to list of importants Files & Folders to manage Linux

logs management

Link to log management

log Rotate

Link to log rotate management

Add a NTP Client

Link to add client NTP

Debian tools

Link to usefull Debian tools


Bash Logo

Official doc:


Link to usefull bash commands


Environment variables


Color management in bash


Array management

Usefull Function

Usefull functions


Link to usefull Sed commands


Repair system with a live CD

VI Shortcuts

i        	= mode insert  
   esc		= exit mode insert
dd		= delete line
:		= execute command
  :q 		= execute quit
  :w 		= execute write-file
  :wq		= execute write-file, quit
  :f {file}	= change curr filename
  :cd {dir}	= change current folder
  :$ 		= go to end of file
  :!		= force command


:wq!		= force write-file even if it is read only
:q!		= force quit file without save it

FTP Commands

bin	= switch to mode binary
ascii	= switch to mode ascii
passive = switch to mode passive
active	= switch to mode active
ls	= list server folder
cd	= change server folder
lcd 	= change client folder
get	= get server file
put	= put client file
mkdir 	= create a server folder
rmdir   = remove a server folder
bye	= quit FTP client


Apache Logo

official doc:

official doc:

about security :


  • environment vars


#user apache
export APACHE_RUN_USER=www-data
#group apache
export APACHE_RUN_GROUP=www-data
#default log dir
export APACHE_LOG_DIR=/var/log/apache2$SUFFIX
#default lang
export LANG=C
  • restart service
apache2ctl restart
sudo service apache2 restart
sudo /etc/init.d/apache2 restart
  • sites list
/etc/apache2/sites-available/{SiteName}			available site files
/etc/apache2/sites-enabled/{SiteName}			enabled site files
a2ensite /etc/apache2/sites-available/{SiteName}	enable a site
a2dissite /etc/apache2/sites-available/{SiteName}	disable a site

ou can be visualized with the command

apachectl -S


apache2ctl -t -DDUMP_VHOSTS
  • modules list
apachectl -M
  • more informations

Directives in the configuration files are case-insensitive, but arguments to directives are often case sensitive.

Virtual Host

Virtual host define web site available on the Apache server, and will set the site configuration

  • Basic virtual host configuration
# [ FROGGCV ] #
<VirtualHost *:80>
# [ Server Domain ] (Can be an IP)
# [ Server Root ]
DocumentRoot /var/www/cv/



apache2ctl -M			#List of modules installed
a2enmod {moduleName}		#Enable a module 
a2dismod {moduleName}		#Disable a module


list of officials modules :

mod security (Debian 8)

  • installation
apt-get install libapache2-mod-security2
  • configuration file
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
  • configuration


SecRuleEngine DetectionOnly


SecRuleEngine On

Custom errors

  • /etc/apache2/conf.d/localized-error-pages
ErrorDocument 404 /404.htm		#example changing 404 page

Can be set in site configuration

  • shared error page for all virtual host
# [ Error documents ]
ErrorDocument 404 /errors/404.htm
ErrorDocument 403 /errors/403.htm

# allow errors pages to be visible from any virtual host
Alias /errors/404.htm /var/www/errors/404.htm
Alias /errors/404.png /var/www/errors/404.png
Alias /errors/403.htm /var/www/errors/403.htm
Alias /errors/403.png /var/www/errors/403.png

Custom Logs

# [ Log level ]
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
# LogLevel debug rewrite:trace8 = max level, all is loged
#LogLevel debug rewrite:trace8
LogLevel warn

# [ Log format ]
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

# [ Error Logs ]
ErrorLog ${APACHE_LOG_DIR}/error.log

# [ Logs Exeptions ] #add env=!dontlog to log line

# - hack rules
SetEnvIfNoCase Request_URI "\/phppath\/|\/wp-content\/|\/wp-config\.php|\/force-download\.php|\/wp-admin\/|\/MyAdmin\/|\/myadmin\/|\/pma\/|\/phpmy$
SetEnvIf Request_URI "hack\.htm" hacklog
SetEnvIf User-agent "^-?$" hacklog
SetEnvIf Remote_Addr "^(127\.0\.0\.1|192\.168\.0\.1)$" !hacklog

# - Special rules
SetEnvIfNoCase Request_URI "piwik\.php" piwiklog
SetEnvIfNoCase Request_URI "frogglogin\.php" loginlog
SetEnvIfNoCase User-agent "bot|spider|coccoc|slurp" botlog

# - Exeption
SetEnvIfNoCase Request_URI "\/phppath\/|\/wp-content\/|\/wp-config\.php|\/force-download\.php|\/wp-admin\/" dontlog
SetEnvIfNoCase Request_URI "piwik\.php|frogglogin\.php|hack\.htm" dontlog
SetEnvIfNoCase Request_URI "\.jpg$|\.jpeg$|\.gif$|\.png$|\.ico$|\.icon$|\.css$|\.js$|\.woff$|\.woff2$" dontlog
SetEnvIfNoCase User-agent  "bot|spider|coccoc|slurp" dontlog
SetEnvIfNoCase User-agent  "^-?$" dontlog

# ==[ All Logs ]==
#CustomLog ${APACHE_LOG_DIR}/full_access.log vhost_combined
CustomLog ${APACHE_LOG_DIR}/access.log vhost_combined env=!dontlog
CustomLog ${APACHE_LOG_DIR}/bot.log vhost_combined env=botlog
CustomLog ${APACHE_LOG_DIR}/piwik.log vhost_combined env=piwiklog
CustomLog ${APACHE_LOG_DIR}/login.log vhost_combined env=loginlog
CustomLog ${APACHE_LOG_DIR}/hack.log vhost_combined env=hacklog


allow cross-domain requests

Header set Access-Control-Allow-Origin "*"
  • persistant connexion
Header set Connection keep-alive 
  • Remove cache
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Sat, 02 Aug 1980 15:15:00 GMT"
  • Add cache
<FilesMatch "\\.(ico|jpe?g|png|gif|swf|gz|ttf)$">
Header set Cache-Control "max-age=2797200, public"
<FilesMatch "\\.(css)$">
Header set Cache-Control "max-age=2797200, public"
<FilesMatch "\\.(js)$">
Header set Cache-Control "max-age=2797200, private"
<filesMatch "\\.(html|htm)$">
Header set Cache-Control "max-age=86400, public"
# Disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
#Header unset Cache-Control
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Sat, 02 Aug 1980 15:15:00 GMT"


Mod Alias

enable redirection

a2enmod alias

Official doc


Maps URLs to filesystem locations

Alias /frogglogin/frogglogin.php /opt/notwww/frogglogin/frogglogin.php


Maps URLs to filesystem locations using regular expressions

AliasMatch "(?i)^/frogglogin/image(.*)" "/opt/notwww/frogglogin/img/image$1"


Sends an external redirect asking the client to fetch a different URL

Redirect Permanent /wiki_en/


Sends an external redirect based on a regular expression match of the current URL

RedirectMatch permanent ^/$

with negative regexp

RedirectMatch 301 ^/(?!server-status)(.*)$1

Mod Rewrite

enable rewrite url

a2enmod rewrite

official doc

Rewrite rules

  • RewriteCond : condition
  • Structure : {Command} {Case} {Keyword} [Options]
  • RewriteRule : règle
  • Structure : {Command} {Keyword} {Results} [Options]
RewriteCond %{HTTP_USER_AGENT} (bot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (spider) [NC]
RewriteRule ^(.*)$ /errors/nobots.htm [L,R=301]

Rewrite url param

RewriteCond param regexp is catch in %1 instead of $1

RewriteCond %{QUERY_STRING} ^page.php?id=(.*)
RewriteRule .* /%1/ [L,R=301]

Flag list

official doc :

[CO]	Cookie
[DPI]	Discardpath
[E]	Env Variable
[END]	Terminate
[F]	Forbiden
[G]	Gone (410)
[H]	Handler
[L]	Last
[N]	Next
[NC]	No case
[NE]	Noescape
[NS]	Nosubreq
[OR]	Conditional OR
[P]	Proxy
[PT]	Passthrough
[QSA]	Query string append
[QSD]	Qsdiscard
[R=302]	Redirect=code
[S]	Skip
[T]	Type

List of http status code


  • case : http to https

redirect all trafic from http to https

RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Apache don't advise this syntax :

  • case : changing domaine name or server host

redirect old trafic to new webstie (code 301 = Permanent Redirect)

RewriteEngine on
RewriteRule (.*)$1 [R=301,L]
  • case : security to block bot with empty user-agent or who return -

redirect to a specialpage with code 200 done by proxy [P]

RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteCond %{REQUEST_URI} !errors\/noua.htm
RewriteRule (.*) /errors/noua.htm [P]
  • case : url rewriting

redirect trafic if page or folder requested doesn't exist

RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]

Web Proxy

  • enable proxy web
a2enmod proxy
ad2enmod proxy_http
  • official doc

  • sample
<VirtualHost *:80>
# [ Server Domain ]
# [ Server Root ]
DocumentRoot /var/www/temp/
# [ Proxy Redirect ] + exeption on /errors folder
ProxyPass /errors !
ProxyPass /
ProxyPassReverse /
  • sample with RewriteRule
<VirtualHost *:80>
# [ Server Domain ]
# [ Server Root ]
DocumentRoot /var/www/demo/
# [ Proxy Redirect ]
RewriteRule (.*)$1 [P]
  • sample with RewriteRule & Auth
<VirtualHost *:80>
# [ Server Domain ]
# [ Server Root ]
DocumentRoot /var/www/demo/
# [ Basic Auth ]
<Location />
    Order Allow,Deny
    Allow from all
    AuthName "Authentification utilisateur"
    AuthType Basic
    AuthUserFile /opt/web/passwd
    Require valid-user
# [ Proxy Redirect ]
RewriteRule (.*)$1 [P]


  • enable ssl
a2enmod ssl
  • Official doc

  • Unofficial doc

  • free certificate

  • ssl tester

  • prevent apache asking key each reboot
openssl rsa -in -out
  • Create self signed files
#Create self signed certificat
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout myOwn.pem -out myOwn.pem
#Create key file
openssl genrsa -des3 -out myOwn.key 2048
#Create csr file
openssl req -new -key myOwn.key -out myOwn.csr


sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
  • test if a certificat can apply to alternative domain
openssl x509 -in /etc/apache2/ssl-certs/ -noout -text | grep -A1 "Subject Alternative"


X509v3 Subject Alternative Name:,
  • Configuration
# [ HTTPS Site ]

SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

<VirtualHost *:443>

SSLEngine on
SSLOptions +StrictRequire
SSLProxyEngine off
SSLHonorCipherOrder on

#SSL Compression (CRIME attack)
SSLCompression off

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"

SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2

SSLCertificateFile /opt/web/ssl/
SSLCertificateKeyFile /opt/web/ssl/
SSLCertificateChainFile /opt/web/ssl/

<Directory />

<IfModule mime.c>
    AddType application/x-x509-ca-cert      .crt
    AddType application/x-pkcs7-crl         .crl

# [ Access Logs ]
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel alert
#LogLevel alert rewrite:trace1
CustomLog ${APACHE_LOG_DIR}/access_ssl.log combined env=!dontlog
CustomLog ${APACHE_LOG_DIR}/bot.log combined env=botlog
CustomLog ${APACHE_LOG_DIR}/piwik.log combined env=piwiklog
CustomLog ${APACHE_LOG_DIR}/login.log combined env=loginlog
#special ssl request
CustomLog ${APACHE_LOG_DIR}/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" env=!dontlog


  • official doc

  • sample with basic auth
<Location /secure>
   AuthType basic
   AuthName "private area"
   AuthUserFile /www/etc/passfile
   Require valid-user

add/modify a user in the user file conf

htpasswd -b -m /www/etc/passfile {User} {Pass}


if a .htaccess file is created in a folder with apache configuration instruction in it, thoose instructions will overwrite apache global configuration. Best practice is too use apache main configuration file, who is loaded to the memory. .htaccess are adding hard drive access to each access files, so it is mainly used when there is no other solution like in shared servers.

  • enable .htaccess (in terminal)
a2enmod rewrite
  • allow instruction rewrite (All or specified instructions)
<Directory /var/www/>
     AllowOverride all
  • disable .htaccess for some directories
<Directory /var/www/example/*>
    AllowOverride None
  • remove access
Deny from all
  • allow access bypass auth if required
satisfy any 
Allow from all #(required if Deny has been set on parents folder) 
  • Auth by file
AuthName "user Authentification"
AuthType basic
AuthUserFile /pathToUsers/passwd
Require valid-user

(more auth basic option

(more auth options

  • remove all cache
 <ifModule mod_headers.c>
 Header unset ETag
 Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
 Header set Pragma "no-cache"
 Header set Expires "Sat, 02 Aug 1980 15:15:00 GMT"
 <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault "access plus 0 seconds"
  • force file encoding
AddCharset windows-1252 .html
AddCharset windows-1252 .php
  • redirect trafic
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.ima\.umn\.edu/~arnaud\.marsiglietti/
RewriteRule (.*)$1 [R=301,L]
  • redirect if file exist
RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
  • base folder
RewriteBase /myapp/
  • .htaccess generator


  • apache test

ab -n 2700 -c 90 -k -H "Accept-Encoding: gzip, deflate"
  • hard drive test
inotifywait -mr /var/www/



IRC Server & IRC Channel


Base export/import
mysqldump -u {User} -p{Pass} {BaseName} > dump.sql		export specific database
mysqldump -u {User} -p{Pass} --all-databases > dump.sql		export all database
mysql -u {User} -p{Pass} {BaseName} < dump.sql			import specific database
mysql -u {User} -p{Pass} < dump.sql				import all database
remove admin user if exist in mysql
mysql -e "DELETE FROM user WHERE User='{Usr}'" -u root -p{mysqlRootPw} mysql
create properly the new mysql admin account
mysql -e "CREATE USER '{NewRootUsr}'@'localhost' IDENTIFIED BY '{NewRootPw}';
GRANT USAGE ON *.* TO {NewRootUsr}@localhost IDENTIFIED BY '{NewRootPw}';
FLUSH PRIVILEGES;" -u root -p{mysqlRootPw} mysql
changing base encoding
ALTER DATABASE froggcv CHARACTER SET utf8 COLLATE utf8_unicode_ci;
table copy
CREATE TABLE interwiki LIKE fr_interwiki; INSERT interwiki SELECT * FROM fr_interwiki;
repare database
  • error

mysqld: Table '{BASE/TABLE}' is marked as crashed and should be repaired

  • Caution

It is best to make a backup of a table before performing a table repair operation; under some circumstances the operation might cause data loss. Possible causes include but are not limited to file system errors.

  • official doc
  • repair command
mysqlcheck -u {USER} -p{PASS} --repair --all-database
mysqlcheck -u {USER} -p{PASS} --auto-repair --all-database
optimize database
mysqlcheck -u {USER} -p{PASS} --optimize --all-database
Can t Start
can't connect to local mysql server through socket '/var/run/mysqld/mysqld.sock' (2)
/etc/init.d/mysql restart


git clone root@ ./
git push (origin master)	push commited file to master project server
git push --tags			push commited tags to master project server
git push --delete origin v1	remove origin tag
git pull 			get last project version
git branch -r			see all remote branch
git branch -a			see all local branch
git checkout name		change current working branch
git clean 			Cleans files that are not under version control
git checkout .			Remove local changes
.gitignore			list of project file who will not be considered as in the project (thoose will not be pushed)
git config "Frogg"				Set current git project username
git config ""			Set current git project email
git config credential.helper cache			Set git to use the credential memory cache
git config credential.helper 'cache --timeout=3600'	Set the cache to time out after 1 hour (setting is in seconds)
git config receive.denyCurrentBranch ignore		Allow modification on master branch from remote GIT
git config core.editor nano				set default text editor to edit messages

for each config command --global parameters can be add to set for all projects

git add -A			stages All
git add .			stages new and modified, without deleted
git add -u			stages modified and deleted, without new
git commit -a			commit modified files
git commit --amend		modify last commit message
git reset hooks/*		remove last add
git rm --cached hooks/*		remove last commit 
git revert HEAD -m1 (ou -n1)	remove last commit
git tag -a v1 -m "Version 1"	add a tag and a description
git tag				show all tags
git tag -d v1			remove a tag
git log				show logs
git log -1			show last log
git log --oneline		how old version
clean git if status command take too much time
git diff --stat --cached (or can execute before git read-tree / git update-ref / git update-index )
Special Files
  • .git/config - Git repository or global options
  • .gitignore - List of blobs for git to ignore. Affects commands like git add and git clean.
  • .gitattributes - Let's you define attributes on files (e.g., to change how files look in a diff).
  • .mailmap - Lets you tell git that duplicate names or emails in the history are actually the same person. Affects commmands like git shortlog -ns, or git log --format="%aN <%aE>".
  • .gitmodules - Let's you define submodules (subdirectories of your git repository which are checkouts of other git repositories).

  • Error
HEAD is now at 11e7efe Merge "collapsibleTabs: Don't mix Arrays and jQuery objects for one property" error occurred while pulling /opt/web/wiki/common/skins/Vector
  • Cause
wrong branch
  • Solution
git checkout master git pull

EXIM Usefull Admin Commands

Find exim current version:
exim -bV
Delete All Frozen Emails:
exim -bpru|grep frozen|awk {’print $3′}|xargs exim -Mr
Force delivery of an email:
exim -M email-id
Force another queue run:
exim -qf
Force another queue run and attempt to flush the frozen messages:
exim -qff
View the log for the message:
exim -Mvl messageID
View the body of the message:
exim -Mvb messageID
View the header of the message:
exim -Mvh messageID
Remove bounced emails
cd /var/spool/exim/input
find . -type f -iname ‘*’ -exec grep -li "Failed" {} \; -exec rm {}\;