Try ps auxwwe instead of your standard ps -ef to see environment variables
associated with each PID.
----------------------------------------------------------------------------
Try umount -f /some/hung/NFS/mounted/filesystem to force an unmount
or umount -l ...
----------------------------------------------------------------------------
See this interesting fallback-reboot program for a way to recover from a
hung system without physically visiting the machine.
----------------------------------------------------------------------------
Some rpm incantations
rpm -Uvh to install (but don't use -U for kernel updates, use -i)
rpm -qa to query all installed packages
rpm -qf file-to-package mapping
rpm -qi(p) info on installed packages (or a specified package file)
rpm -ql(p) All files belonging to an Installed Package (or package file)
rpm --import RPM-GPG-KEY
----------------------------------------------------------------------------
fdisk -l /dev/hda
The partition table in the MBR can only describe 4 partitions, so more than
that requires an extended partition, which can define up to 12 more LPs.
----------------------------------------------------------------------------
The 5 required file systems in / are /etc, /lib, /bin, /sbin, and /dev
(Not /tmp, /var, or /usr)
----------------------------------------------------------------------------
Firewall rules are in /etc/sysconfig/iptables.
iptables -F to flush all Firewall rules
----------------------------------------------------------------------------
To break into a machine where you don't know root's password,
- Boot machine
- Interrupt the grub prompt (presuming you have time) by hitting enter,
- Enter "e" to edit the boot-time parameters,
- Move down to the kernel line and type "e" to edit it,
- append an "s" to the end of that line to enter "single user mode"
- hit enter to save that line,
- type "b" to boot
- After booting, enter df to see what /dev/xxx to use
- type "mount /dev/hda3 (or /dev/sda1) -o rw,remount /"
- Now you can fix the system or use passwd to change root's password.
There's another way to do this by booting an install CD, but this is easier
and I would think, more common.
----------------------------------------------------------------------------
The Linux run levels are
0 = Halt (init 0 is the same as the commands halt or shutdown -h now)
1 or s or emergency = Single-user mode
2 = Multi-user without NFS
3 = Full multi-user mode
4 = User definable, but not really used (duplicate of 3 by default)
5 = X11 (normal run level)
6 = Reboot (init 6 is the same as the commands reboot or shutdown -r now)
----------------------------------------------------------------------------
To route temporarily, echo 1 > /proc/sys/net/ipv4/ip_forward
or to make it permanent, vi /etc/sysctl.conf
and change the net.ipv4.ip_forward line to 1 (yes, periods, not slashes)
----------------------------------------------------------------------------
4000 = SUID   = For an executable file, switch to that user before running.
2000 = SGID   = For an executable file, switch to that group before running.
                For a directory, newly-created files keep directory's GID.
                Common for a shared, group directory (chmod g+s /dir/name)
1000 = Sticky = For a file, remains in memory (extremely rare)
                For a directory, only file owner can erase, despite the
                directory's user, group, or other permissions allowing w.
                EG, /tmp and /var/tmp both have drwxrwxrwt permissions.
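
To check a tree for the three bits above, here is an added example (not part
of the original notes; the function names are this example's own). It lists
SUID/SGID files and world-writable directories that are missing the sticky bit.

```sh
#!/bin/sh
# Added example: audit a directory tree for the 4000/2000/1000 bits.

# Regular files with SUID (4000) or SGID (2000) set. -xdev keeps find on
# one filesystem, so run it once per mounted filesystem you care about.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# World-writable directories WITHOUT the sticky bit (1000): any user can
# delete or rename other users' files in them. /tmp should never show up here.
find_unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# Name the special bits set on one path: "suid", "sgid", "sticky" or "none".
special_bits() {
    bits=
    [ -u "$1" ] && bits="${bits}suid "
    [ -g "$1" ] && bits="${bits}sgid "
    [ -k "$1" ] && bits="${bits}sticky "
    bits=${bits% }
    printf '%s\n' "${bits:-none}"
}

# Full report for one tree, e.g.  audit_special_bits /usr
audit_special_bits() {
    root=${1:-/}
    echo "== SUID/SGID files under $root"
    find_setid_files "$root" | while IFS= read -r f; do
        printf '%s\t%s\n' "$(special_bits "$f")" "$f"
    done
    echo "== world-writable directories without the sticky bit under $root"
    find_unsticky_dirs "$root"
}

# Run the report only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_special_bits "$1"
fi
```

Save the first run's output and diff later runs against it; a new SUID file
or a world-writable directory that lost its t bit is worth a look.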
----------------------------------------------------------------------------
Login-time bash scripts,
  /etc/profile
  /etc/profile.d/*.sh (called from /etc/profile only if this is a login shell)
  ~/.bash_profile (if not found by bash, it'll look for ~/.profile)
  ~/.bashrc which calls
  /etc/bashrc
Non-Login Shell scripts,
  ~/.bashrc
  /etc/bashrc which calls the
  /etc/profile.d/*.sh scripts!! Note the out-of-order from above.
----------------------------------------------------------------------------
Default umask = 022 for root (new files have -rw-r--r--)
                002 for non-root (new files have -rw-rw-r--)
----------------------------------------------------------------------------
Linux's tar command creates relative tarballs by default (it strips the
leading / from member names). Use -P to create absolute tarballs.
----------------------------------------------------------------------------
The fields in a cron line are,
- The minute (0 through 59)
- The hour (0 through 23)
- The day of the month (1 through 31)
- The month of the year (1 through 12)
- The day of the week (0 through 6 for Sunday through Saturday)
New in Linux are a coupla other neat syntaxes,
- */10 = For every 10 minutes (or whatever field it's in)
- 8-17 = For 8:00 to 5:00 if in hour field.
----------------------------------------------------------------------------
There's lots of documentation at /usr/share/doc (403 files in a RHEL v4
base install, 735 in a full install)
----------------------------------------------------------------------------
/etc/network has NETWORKING=yes, HOSTNAME=adam, GATEWAY=a.b.c.d
/etc/network-scripts/ifcfg-eth0 has DEVICE=eth0, BOOTPROTO=static|dhcp,
IPADDR=a.b.c.d, ONBOOT=yes|no, TYPE=Ethernet|Wireless
Routes can go in either the /etc/sysconfig/static-routes file
or in a /etc/sysconfig/network-scripts/route-eth0 (or 1, ...) file
----------------------------------------------------------------------------
With iso files, how do you get to the image directory?
mkdir tmpdir
mount -o loop file.iso tmpdir
cd tmpdir
ls images/
...
...
cd ..
umount tmpdir
----------------------------------------------------------------------------
If you ever get the message
passwd: Authentication token manipulation error
when changing somebody's password, the problem is that the /etc/shadow
file (Linux's equivalent to AIX's /etc/security/passwd) is out of sync with
what's in /etc/passwd.
For example, on 11-02-2005, I got this message when changing ipsrun's
password. To resync /etc/shadow with /etc/passwd, run
pwconv
After doing that, I was able to run
passwd ipsrun
----------------------------------------------------------------------------
The Linux equivalent to jot, is seq. For example,
seq 8 returns 1-8
or seq 0 99 returns 0-99
or seq -w 0 99 returns 00-99
----------------------------------------------------------------------------
To trace Linux programs, invoke them with strace, e.g.
strace -e trace=file -o /tmp/strace.make.oldconfig make oldconfig
----------------------------------------------------------------------------
This from a forum post,
bttv.o is included in kernel-unsupported.*.rpm.
(or kernel-smp-unsupported-2.4.21-4.EL.i686.rpm)
Below is excerpted from GM release notes, we've met similar situations with
jfs and reiserfs.
The Red Hat Enterprise Linux 3 kernel makes use of a new kernel
packaging technique. Due to the almost limitless variety of available
hardware, it is not possible for Red Hat to fully support all hardware
components. Therefore, while kernel modules for fully-supported
hardware remain in the standard kernel packages, a series of new
unsupported kernel packages are included with Red Hat Enterprise Linux 3.
For each kernel package shipped there is a corresponding unsupported
kernel package. For example, the unsupported kernel package for
kernel-smp-2.4.21-3.EL.i686.rpm is
kernel-smp-unsupported-2.4.21-3.EL.i686.rpm.
NOTE: The unsupported kernel packages are not installed by the Red Hat
Enterprise Linux installation program; therefore, in order to use
unsupported kernel modules, you must manually install the unsupported
kernel package corresponding to the kernel your system uses.
After installing the appropriate unsupported kernel package, you must
use the following command to update the module dependency tree and
your initrd:
/sbin/new-kernel-pkg --mkinitrd --depmod --install
(Where represents the version of the installed kernel.)
Drivers contained within the unsupported kernel packages are provided
on a best-effort basis. This means that updates and upstream fixes may
or may not be incorporated over time, and are not covered by the same
support expectations as the fully supported drivers. Custom support
arrangements covering drivers in the unsupported package may be worked
out with Red Hat in some situations.
----------------------------------------------------------------------------
What's NPTL? => It's the "Native POSIX Thread Library".
See http://people.redhat.com/drepper/nptl-design.pdf for more info.
----------------------------------------------------------------------------
A better tool than find to find files based on name only, is locate, which
uses a pre-compiled database of files on your system.
See /etc/cron.daily/slocate.cron, which basically has just
/usr/bin/updatedb -f "nfs,smbfs,ncpfs,proc,devpts" -e "/tmp,/var/tmp,/usr/tmp,/afs,/net"
The default database is located at /var/lib/slocate/slocate.db
For example, these are equivalent,
find / -name '*rick*'
locate rick
in that both return
/usr/share/backgrounds/tiles/bricks.png
There are a few nice options to locate that find doesn't have, e.g. -i to
ignore case. But then, locate doesn't do my common idiom of -exec grep ...
----------------------------------------------------------------------------
The nmap command quickly scans a given I.P. address for common ports and
reports back to you which are open and what they're for. For example, I
wanted to know about 10.224.23.52 and 10.224.81.28, which were showing up
in my Zone Alarm logs. nbstat identified 10.224.23.52 nicely as a machine
named ISI-1DJ7MYZFOS6, but it wasn't telling me anything about 10.224.81.28.
The -O (that's an oh, not a zero) option will guess which Operating system it is.
[root@kristine root]# nmap -O 10.224.23.52
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (10.224.23.52):
(The 1594 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
179/tcp filtered bgp
427/tcp open svrloc
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
5631/tcp open pcanywheredata
Remote operating system guess: Windows Millennium Edition (Me), Win 2000, or WinXP
Nmap run completed -- 1 IP address (1 host up) scanned in 10 seconds
All nice like, but 10.224.81.28 appears to be a Redhat Linux box.
[root@kristine root]# nmap -O 10.224.81.28
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (10.224.81.28):
(The 1594 ports scanned but not shown below are in state: closed)
Port State Service
135/tcp open loc-srv
179/tcp filtered bgp
427/tcp open svrloc
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
5000/tcp open UPnP
5631/tcp open pcanywheredata
No exact OS matches for host (If you know what OS is running on it,
see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=3.00%P=i386-redhat-linux-gnu%D=12/3%Time=41B1093B%O=135%C=1)
TSeq(Class=RI%gcd=1%SI=97BF%TS=0)
TSeq(Class=RI%gcd=1%SI=8558%IPID=I%TS=0)
TSeq(Class=RI%gcd=1%SI=F8D4%IPID=I%TS=0)
T1(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
T2(Resp=N)
T3(Resp=Y%DF=Y%W=FAF0%ACK=S++%Flags=AS%Ops=MNWNNT)
T4(Resp=N)
T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
T6(Resp=N)
T7(Resp=N)
PU(Resp=Y%DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
Nmap run completed -- 1 IP address (1 host up) scanned in 29 seconds
----------------------------------------------------------------------------