quickreference:unix
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
quickreference:unix [2021/10/06 15:42] – rodolico | quickreference:unix [2023/10/19 17:32] – [Rename Server] rodolico | ||
---|---|---|---|
Line 5: | Line 5: | ||
===== Systems Administration ===== | ===== Systems Administration ===== | ||
+ | ==== Partitioning large drives ==== | ||
+ | |||
+ | Drives greater than 2 Terabytes are not handled well by the standard //fdisk// application, | ||
+ | |||
+ | This assumes we have a drive, sdg, that we want to set up with gpt and create one partition on. That partition will set up on optimal sector boundries, and use all of the space available. | ||
+ | |||
+ | <code bash> | ||
+ | # remove all old file system information. Not necessary, but I do it just because I can | ||
+ | wipefs -a /dev/sdg | ||
+ | # make this a gpt disk. Will wipe out any other partitioning scheme | ||
+ | parted /dev/sdg mklabel gpt | ||
+ | # make a new partition on optimal sector boundries. This is a primary partition, and starts | ||
+ | # at the beginning of the disk (0%) and goes to the end of the disk (100%) | ||
+ | # I put that in quotes as, from what I've read, the percent symbol does not work well | ||
+ | # within the bash command line | ||
+ | # note, we are not telling it what file system to use, so it defaults to Linux | ||
+ | parted -a optimal /dev/sdg mkpart primary ' | ||
+ | # display the information on the disk | ||
+ | parted /dev/sdg print | ||
+ | # format as ext4, no reserved space, and a disk label marked ' | ||
+ | mkfs.ext4 -m0 -Lbackup /dev/sdg | ||
+ | |||
+ | </ | ||
+ | ==== Rapidly wipe multiple hard drives ==== | ||
+ | |||
+ | Nothing beats DBAN [https:// | ||
+ | |||
+ | <code bash wipedrives.sh> | ||
+ | #! / | ||
+ | |||
+ | # for truly not sensitive information, | ||
+ | for drive in a b c d e f g | ||
+ | do | ||
+ | | ||
+ | done | ||
+ | # but, to really remove in a way that takes tons of effort to recover, do this also | ||
+ | for drive in a b c | ||
+ | do | ||
+ | echo Cleaning sd%drive | ||
+ | dd if=/ | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | I had 7 drives to wipe, and this takes about 5 hours per drive, so a total of 35 hours. I realized I could probably run all 7 processes in parallel since, on my system, the drive controller is a lot faster than any individual drive So I decided to use the //screen// command and see if I could make that work. | ||
+ | |||
+ | <code bash wipedrives2.sh> | ||
+ | #! / | ||
+ | |||
+ | for drive in a b c d e f g h | ||
+ | do | ||
+ | | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | Basically, we're using a bash for loop to grab all the drive names (I just used the last letter), running screen and immediately detaching the new process after telling it to run //bash -c// and the command after it in quotes (so it would not interpret the pipes in our current, non-screen shell). I'm running this right now, and //pv// is predicting it will be done in 11.5 hours, or less than a third of the time. BUT, it is really heating up the office with 7 drives being continuously written to at the same time. | ||
+ | |||
+ | **Warning**: | ||
+ | |||
+ | <code bash> | ||
+ | # find any mdadm volumes running on Linux | ||
+ | cat / | ||
+ | # assuming it showed you md127 was running (normal) | ||
+ | mdadm --stop /dev/md127 | ||
+ | # it should stop the MD array and make the individual drives accessible | ||
+ | </ | ||
+ | |||
+ | ==== Check SSL Cert Expiration Date ==== | ||
+ | |||
+ | Ever wondered when your SMTP SSL Certificates are up for renewal? What DNS entries your certificates have? A quick and dirty way of doing it from the command line was shown at [https:// | ||
+ | |||
+ | Note: the discussions covered other things, and are well worth a 5 minute read. | ||
+ | |||
+ | This is a quick and dirty that will get the certificate (and a lot of other stuff), but the certificate is in its MIME encoded format. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | </ | ||
+ | |||
+ | This basically makes a connection to smtp.example.com on port 25, issuing a starttls, then sends the //quit// command which logs out. The openssl command retrieves the the entire conversation, | ||
+ | |||
+ | You can do the same thing for other ports, like 587 for submission. If you want to test the SSL port (465), just remove the //-starttls smtp// from the command: | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | </ | ||
+ | |||
+ | If you want to test an IMAP server, you need to send it a different logout (the first line). To log out of it, you need //a1 logout// followed by a line return, so | ||
+ | |||
+ | <code bash> | ||
+ | printf 'a1 logout\n' | ||
+ | openssl s_client -connect mail.example.com: | ||
+ | </ | ||
+ | |||
+ | Again, connecting to imaps (port 993), you just don't do the starttls | ||
+ | |||
+ | <code bash> | ||
+ | printf 'a1 logout\n' | ||
+ | openssl s_client -connect mail.example.com: | ||
+ | </ | ||
+ | |||
+ | And, finally, to look at a web site certificate, | ||
+ | <code bash> | ||
+ | printf " | ||
+ | openssl s_client -showcerts -servername web.example.com -connect web.example.com: | ||
+ | </ | ||
+ | |||
+ | All the above is well and good, but it would be nice to decode the certificate, | ||
+ | |||
+ | === Dump the certificate === | ||
+ | |||
+ | Turning the certificate into something a human can read is done with the command //-text// flag, so let's pipe the output of the previous command to that. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | ||
+ | </ | ||
+ | |||
+ | If you want to find what names the certificate is valid for, they are on a line which contains the text DNS, so grepping the output of the above will give you what you need without reading the whole thing. | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | \ | ||
+ | grep DNS | ||
+ | </ | ||
+ | |||
+ | === Get Dates === | ||
+ | |||
+ | You could use //grep// to find the expiration date of a certificate | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -text -noout | \ | ||
+ | grep 'Not After :' | ||
+ | </ | ||
+ | |||
+ | But, the openssl x509 has a special flag for that, //-dates//, so it is simpler to write it as | ||
+ | |||
+ | <code bash> | ||
+ | printf ' | ||
+ | openssl s_client -connect smtp.example.com: | ||
+ | openssl x509 -dates -noout | ||
+ | </ | ||
+ | |||
+ | === Other === | ||
+ | |||
+ | Again, //man openssl-x509// | ||
+ | -serial - the serial number of the certificate | ||
+ | -subject - Subject Name | ||
+ | -issuer - Issuer Name | ||
+ | -startdate - beginning date of certificate (notBefore) | ||
+ | -enddate - expiry date of certificate (notAfter) | ||
==== Rename Server ==== | ==== Rename Server ==== | ||
Line 17: | Line 173: | ||
<code bash> | <code bash> | ||
# change the host name, and the postfix name if that is installed | # change the host name, and the postfix name if that is installed | ||
- | sed -i.old ' | + | sed -i.old ' |
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
/ | / | ||
# update the aliases, if they exist | # update the aliases, if they exist | ||
Line 87: | Line 249: | ||
I generally prefer a swap //file// as opposed to a swap // | I generally prefer a swap //file// as opposed to a swap // | ||
+ | |||
+ | This came from https:// | ||
<code bash> | <code bash> | ||
Line 104: | Line 268: | ||
</ | </ | ||
+ | For BSD (FreeBSD specifically), | ||
+ | <code bash> | ||
+ | # create an 8G swapfile | ||
+ | dd if=/ | ||
+ | # set permissions very restrictive | ||
+ | chmod 600 /swapfile | ||
+ | # make a copy of fstab, in case we mess something up | ||
+ | cp -a /etc/fstab / | ||
+ | # use mdconfig -lv to find an used md device. In this case, I'm using 42 | ||
+ | echo ' | ||
+ | # turn on all defined swap devices | ||
+ | swapon -a | ||
+ | # now list them | ||
+ | swapinfo -g | ||
+ | </ | ||
+ | |||
+ | If, as in the case I ran into one time, you have an active swap device you want to get rid of, use swapinfo to find it, then use **swapoff / | ||
==== Mount davfs file system ==== | ==== Mount davfs file system ==== | ||
Line 144: | Line 325: | ||
===== Shell (mainly BASH) ===== | ===== Shell (mainly BASH) ===== | ||
+ | |||
+ | ==== Find files within date range containing text ==== | ||
+ | |||
+ | A client needed to find a lost e-mail. All he knew was that it arrived sometime on the 24th of Apr 2020, and who it was from. Not sure if the // | ||
+ | |||
+ | <code bash> | ||
+ | find Maildir -type f -newerct '26 Apr 2022 00: | ||
+ | </ | ||
+ | |||
+ | This is very fast, since the find command rapidly decreases the number of messages which must be scanned (he has almost 300k e-mails in various folders, and it took less than 2 seconds). | ||
+ | |||
+ | ==== Find newest files in a directory tree ==== | ||
+ | |||
+ | This will go through an entire directory tree under the current directory and locate the newest 5 files. | ||
+ | |||
+ | <code bash> | ||
+ | find . -type f -exec stat --format '%Y :%y %n' " | ||
+ | </ | ||
+ | |||
+ | * Change //find .// to //find / | ||
+ | * Change //head// to //head -n 10// to grab the newest 10 files. | ||
+ | * You can add any kind of filter also, so entering //-iname ' | ||
+ | |||
==== Count all files in directory tree(s) ==== | ==== Count all files in directory tree(s) ==== | ||
Line 294: | Line 498: | ||
* https:// | * https:// | ||
* https:// | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
+ | * https:// | ||
quickreference/unix.txt · Last modified: 2024/03/04 15:54 by rodolico