===== Networks =====
[[ tcpdump | TCP Dump ]]
[[ wireshark | Wireshark ]]
[[ strace | strace ]]
[[ nmap | nmap ]]
[[ iptables | iptables ]]
[[ nis | NIS ]]
[[ RHEL Net | rhelnet ]]
[[ ip | IP ]]
[[ fibrechannel | Fibre Channel ]]
===== System =====
[[ bash | bash ]]
[[ awk | awk ]]
[[ vi | vi ]]
[[ screen | screen ]]
[[ ldap_auth | ldap auth ]]
[[ imagemagick | ImageMagick ]]
[[ fs_xfs | FS: XFS ]]
[[ regex | RegEx ]]
[[ ldap | ldap ]]
[[ vmware | VMWare ]]
[[ acl | acl ]]
[[ quota | quota ]]
[[ openssl | openssl ]]
[[ crypto | crypto ]]
[[ zfs | ZFS ]]
===== Services =====
[[ sendmail | sendmail ]]
[[ printing | Linux Printing ]]
[[ apache | apache ]]
[[ samba3 | samba3 ]]
[[ subversion | subversion ]]
[[ awstats | AwStats ]]
[[ mysql | mysql ]]
[[ postfix | postfix ]]
[[ munin | munin ]]
[[ php | php ]]
[[ rmail2mbox | rmail2mbox ]]
[[ observium | observium ]]
===== Misc =====
[[ tmux | tmux ]]
==== Modern GNU ====
httppie # wget curl
bat # cat
ncdu # du
htop # top
fd # find
exa # la
duf # df
tldr # man
neovim # vim
==== LetsEncrypt on DigitalOcean ====
Use this when the authentication method fails
# Specify the webroot verification method
certbot --authenticator webroot --installer apache
==== List out kernel module options ====
cat /proc/modules | cut -f 1 -d " " | while read module; do \
echo "Module: $module"; \
if [ -d "/sys/module/$module/parameters" ]; then \
ls /sys/module/$module/parameters/ | while read parameter; do \
echo -n "Parameter: $parameter --> "; \
cat /sys/module/$module/parameters/$parameter; \
done; \
fi; \
echo; \
done
==== Find stuff ====
# Find empty directories, delete them
find test -depth -empty -delete
==== Disk clone with progress ====
(pv -n /dev/sda | dd of=/dev/sdb bs=128M conv=notrunc,noerror) 2>&1 | dialog --gauge "Running dd command (cloning), please wait..." 10 70 0
==== Monitoring dd progress with pv ====
sudo dd if=/dev/sdb | pv -s 2G | dd of=DriveCopy1.dd bs=4096
# 440MB 0:00:38 [11.6MB/s] [======> ] 21% ETA 0:02:19
==== Recovering a blown LVM disk ====
#Recover disk to image with some kind of image copy
dd if=/dev/sdc of=/mnt/bigstorage/mydisk.img bs=1M
# Loop the disk
losetup /dev/loop2 /mnt/bigstorage/mydisk.img
# Find the partitions
fdisk -l /dev/loop2
# Remove disk loop
losetup -d /dev/loop2
# Make the disk the size of the original disk if dd stopped early
truncate -s nnnnn /mnt/bigstorage/mydisk.img
# Loop the partition
# offset it sector start (found in the fdisk) times the sector size
# i.e. start sector 2048, sector size 512 = 1048576
losetup --offset xxxx /dev/loop3 /mnt/bigstorage/mydisk.img
# Scan for the disk
pvs
# Check it came online
lvdisplay
# Check it
fsck /dev/mapper/...
==== Testing multi-cast traffic ====
# on receiver
iperf -s -u -B 224.0.0.1 -i 1
# on sender
iperf -c 224.0.0.1 -u -T 32 -t 3 -i 1
# data will appear on receiver
==== Get notifications of file updates ====
yum install inotify-tools
# Use this to rsync files to remote server in near real time
inotifywait -r -m -e close_write --format '%w%f' . | while read MODFILE; do echo $MODFILE; done
==== Assign AD Unix Attr ====
#CN=shared,CN=ypservers,CN=ypServ30,CN=RpcServices,CN=System,DC=shared,DC=sydney,DC=edu,DC=au
==== Reapply Default RHEL Perms ====
# Will take some time, dont run stoopid cmds
# in the first place and this wouldn't happen!
for u in $(rpm -qa); do rpm --setugids $u; done
for p in $(rpm -qa); do rpm --setperms $p; done
# Verify all packages
rpm -Va
==== .bashrc ====
[[ sysadmin:bashrc | .bashrc script ]]
==== SSH Keys ====
ssh-keygen -t rsa -C "Comment"
# View the randomart
#
# add to command line: -o VisualHostKey=yes
# or in ~/.ssh/config
# VisualHostKey=yes
==== Wordpress reverse proxy ====
// Fixes wp-admin/ stripping the basedir
// add to wp-config.php, before define('WP_HOME'...
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
$_SERVER['REQUEST_URI'] = '/sub-dir' . $_SERVER['REQUEST_URI'];
$_SERVER['SCRIPT_NAME'] = '/sub-dir' . $_SERVER['SCRIPT_NAME'];
$_SERVER['PHP_SELF'] = '/sub-dir' . $_SERVER['PHP_SELF'];
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
==== EPEL Repo ====
rpm --import https://rhnss.usyd.edu.au/pub/RPM-GPG-KEY-EPEL-6
==== Ubuntu 14.10 Oracle Java ====
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer
==== PAM Tally ====
# Unlock a user locked by tally
pam_tally2 --user pfowler --reset=0
==== Create shadow password hash ====
# $$$
# $1$ = MD5
# $5$ = SHA-256
# $6$ = SHA-512
#MD5
openssl passwd -1 -salt
mkpasswd -m md5
# Sha
mkpasswd -m sha-512
==== Colorful ====
# Print all the pwetty colors
for i in {0..255} ; do
printf "\x1b[38;5;${i}mcolour${i}\n"
done
==== TCP ====
# Prevent idle connections drop from know it all network admins
# /etc/sysctl.conf
net.ipv4.tcp_keepalive_time = 1800 # Time from last packet till begin keepalive (seconds)
net.ipv4.tcp_keepalive_intvl = 75 # how often to send keepalives (seconds)
net.ipv4.tcp_keepalive_intvl = 20 # How many failed ACKs until determining connection is dead
# Windows
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
DWORD KeepAliveInterval=120000 (2 minutes)
DWORD KeepAliveTime=1000 (1 second)
==== Pear ====
# Set proxy server
sudo pear config-set http_proxy http://www-cache.usyd.edu.au:8080
# Install package
sudo pear install DB
==== Recover files on Networker ====
# Go into directory, then recover console
cd /data/
recover
# List of versions available
recover> versions /etc
# Set a point in time to look at
recover> changetime 10/1/2011
# Add files to be recovered
recover> add logs
# Recover files
recover> recover
# Or recover into new directory
recover> recover -d /data/logs_recovered/
==== Hot Add RAM to RHEL VM ====
# Check for offline blocks
grep offline /sys/devices/system/memory/*/state
# Online each of the mem blocks
IFS='
'
for x in $(grep offline /sys/devices/system/memory/*/state); do MEM=$(echo $x | cut -d: -f1); echo online > $MEM; done
==== Hot Add HDD to RHEL VM ====
# Find the host bus number
grep mpt /sys/class/scsi_host/host?/proc_name
# Which will return the host?
# /sys/class/scsi_host/host0/proc_name:mptspi
# Set it to scan
# controller, channel, lun
echo "- - -" > /sys/class/scsi_host/host0/scan
# Check that it was found
dmesg
==== Online Resize VM disk ====
echo 1 > /sys/block/sdb/device/rescan
dmesg
#sdb: detected capacity change from 21474836480 to 42949672960
#SCSI device sdb: 83886080 512-byte hdwr sectors (42950 MB)
pvresize /dev/sdb
==== SSH Tunnel ====
# Tunnel from local server, through middle, to remote
# This example connects to the web server on remove
ssh pfowler@middle.server.com -NL 10080:remote.server.com:80
# Then connect to the newly created local port
telnet localhost 10080
# This will bind to all interfaces (Instead of just localhost)
ssh pfowler@middle.server.com -NL 0.0.0.0:10080:remote.server.com:80
# Socks proxy
ssh -D 0.0.0.0:3128 pfowler@inetserver
# Chaining
ssh -NL 6000:B:22 -o TCPKeepAlive=no -o ServerAliveInterval=15 A &
ssh -NL 6001:C:22 -o TCPKeepAlive=no -o ServerAliveInterval=15 localhost -p 6000 &
ssh -NL 6002:D:22 -o TCPKeepAlive=no -o ServerAliveInterval=15 localhost -p 6001 &
ssh -NL 6003:E:22 -o TCPKeepAlive=no -o ServerAliveInterval=15 localhost -p 6002 &
ssh localhost -p 6003
Welcome to E!
$
==== Obby ====
# Install
sudo apt-get install infinoted kobby
# Create a certificate (Watch the double '-' f'ing up in Wiki)
mkdir /opt/obby && cd /opt/obby
infinoted --create-key --create-certificate -k keyE.pem -c cert.pem
# Add to rc.local
/usr/bin/infinoted -k /opt/obby/key.pem -c /opt/obby/cert.pem
==== NetCat ====
{{:sysadmin:netcat_cheat_sheet_v1.pdf|Cheat Sheet}}
# Listen on a port
nc -l
# Port scanner
nc -v -w 1 localhost -z 1-3000
# File Transfer
nc -lp 2222 > file.zip # Destination
nc -w 1 10.48.2.40 2222 < file.zip # Source
# Telnet server
nc -lp 2222 -e /bin/bash
# Simple web server
while true; do nc -l -p 80 -q 1 < error.html; done
# Hard drive cloning
dd if=/dev/sda | nc 192.168.0.1 9000 # Source
nc -l -p 9000 | dd of=/dev/sda # Destination
==== DIG ====
http://www.madboa.com/geek/dig/
==== Mount a dir on another dir ====
mount -t none -o rw,bind /mnt/newdisk/tmp /tmp
==== Find hardware model ====
/usr/sbin/dmidecode | grep "Product Name" | head -1
==== 3TB Partitions ====
(parted) mklabel gpt
(parted) unit TB
#(parted) mkpart primary 0.00TB 3.00TB
# Use all space instead
(parted) mkpart primary 0% 100%
(parted) print
(parted) quit
==== LVM in 3 Minutes ====
[[http://www.walkernews.net/2007/07/02/how-to-create-linux-lvm-in-3-minutes/]]
# Create partition on drives
fdisk /dev/sdb
fdisk /dev/sdc
# Create the physical volumes
pvcreate /dev/sdb1
pvcreate /dev/sdc1
# Create the volumne group
vgcreate -s 16M vg00 /dev/sdb1 /dev/sdc1
# Create logical group
lvcreate -L 100G -n lvol0 vg00
lvcreate -l 100%FREE -n lvol1 vg00
# Make Ext4 parition
mkfs.ext4 /dev/mapper/vg00-lvol0
# Mount the mofo
mount /dev/mapper/vg00-lvol0 /mnt/storage
==== Resize a partition ====
parted /dev/sda
(parted) resizepart 1 100%
(parted) quit
resize2fs /dev/sda
==== Update DNS with hostname ====
# Add to /etc/sysconfig/network-scripts/ifcfg-eth0
DHCP_HOSTNAME=$HOSTNAME
==== Discover DHCP servers on network ====
nmap --script broadcast-dhcp-discover -e enp5s0f0
==== LSOF ====
http://www.ibm.com/developerworks/aix/library/au-lsof.html
# Top 10 open files
lsof | sort -n -k7 -r | uniq -f8 | head
# Open From directory
lsof +D /path/to/dir/
# By PID
lsof -a -p
==== Tar over Network ====
#Create a tmp file
TEMPFILE=$(mktemp -p /var/tmp)
# Alternative:
cat file.tar.gz | ssh -C user@serverip 'cd /un/tar/dir && tar -xvp'
==== Dialog and XDialog ====
[[http://linuxgazette.net/101/sunil.html]]
==== Packages Stuff ====
# List installed packages
rpm -qa
dpkg-query -l *
# List files from install package
rpm -ql foo
dpkg-query -L foo
# What package owns a file
rpm -qf /usr/bin/mysql
dpkg-query -S /usr/bin/cupsdconf
# What files are in a package
rpm -qpl pkg.rpm
# Remove a package
dpkg -r
# Verify all installed packages
rpm -Va
# Rebuild corrupted DB
cd /var/lib/rpm
rm __db*
rpm --rebuilddb
rpmdb_verify Packages
==== Australian Timezones ====
^ OS ^ Config File ^
| RHEL5 | /etc/sysconfig/clock |
| Debian | /etc/timezone |
And update localtime:
ln -sf /usr/share/zoneinfo/Australia/Sydney /etc/localtime
Australia/ACT
Australia/Adelaide
Australia/Brisbane
Australia/Broken_Hill
Australia/Canberra
Australia/Currie
Australia/Darwin
Australia/Eucla
Australia/Hobart
Australia/LHI
Australia/Lindeman
Australia/Lord_Howe
Australia/Melbourne
Australia/NSW
Australia/North
Australia/Perth
Australia/Queensland
Australia/South
Australia/Sydney
Australia/Tasmania
Australia/Victoria
Australia/West